This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

What’s New for ASP.NET?

Sometime
within the next month or two (or three, I suppose), Microsoft will release
version 1.1 of the .NET Framework. As you'd expect, it sports a bunch of new
features - and you can check out Microsoft's official overview at http://msdn.microsoft.com/netframework/productinfo/next/overview.asp
if you're the kind of person who likes to get the full scoop.

If you're
more like me, however, you'll prefer to know only what matters to
ASP.NET developers in this update. I talked with ASP.NET program managers Rob
Howard and Shawn Nandi to find out what changes in the Framework you should
care about.

Improved
Security

The
forms authentication feature is a cookie-based authentication system. The user
enters a username and password, which are verified, encrypted, and stored as a
cookie. In version 1.1, you can now specify requireSSL (see the following code)
so that when the cookie is sent back to the browser, SSL must be in place;
otherwise, the form throws an exception. This ensures usernames and passwords
are not sent in clear text when the negotiation of usernames and passwords is
originally being done. This will set to "false" by default:

<authentication
mode= "Forms">

<forms

name=".ASPXAUTH"

loginUrl="login.aspx"

protection="all"

timeout="30"

path="/"

requireSSL="false" <!-- New in 1.1 -->

slidingExpiration="true" <!-- New in 1.1 -->

/>

</authentication>

You'll
also notice the slidingExpiration option in the previous code, which lets you
specify whether to have the account time out in the specified time, regardless
of whether the user left then came back to the site during that period of time.

Machine.config
has several places that require a username and password. Version 1.1 now has a
way to encrypt that information so you don't have to store it in clear text.

One
crucial security fix Microsoft is making is called "Safe-postback." Before
version 1.1, you could do "cross-site scripting" - that is, you could input
HTML and JavaScript code in forms that, after postback, would store that code
back in the database. Then, when users requested that page, the code would be
retrieved from the database and executed. You can see where this could cause
massive problems. With version 1.1, if content contains any markup or script,
an exception is thrown. You can disable this feature, but it's enabled by
default.

Performance
and .NET Server

When
ASP.NET runs under .NET Server - to be released in the same timeframe - it
takes advantage of the IIS 6 process model, which lets you set up multiple
applications, each with their own process, whereas traditionally all ASP.NET
apps must run under the same process.

Another
important performance enhancement in version 1.1 comes from Shared Cache User
Controls. The new "shared" attribute means instead of each page having to
create its own cached version, pages can share information in the cache.

Starter
Kits

These
are all interesting tweaks, to be sure, but the new thing I'm most
excited about isn't even part of the .NET Framework update. About the same time
the 1.1 version of the .NET Framework becomes available, Microsoft will be releasing
a number of ASP.NET "Starter Kits." In the same way the IBuySpy sample app
makes it easy to get started on building an e-commerce site, these new Starter
Kits will give you robust, working code you can fold right in to your own
ASP.NET applications. In addition to e-commerce, expect apps that will help you
build portals, time-tracking apps, reporting apps, and communities.

By
themselves, these Starter Kits are pretty darn helpful. Expect some articles in
the near future from asp.netPRO, though, that will make them incredibly
useful. You're really going to like what we've got on tap - unless you don't
like code and real-world development strategies that can save you time and make
you more productive.

With
version 1.1 in beta and about ready to ship, it's time to start thinking about
the next big thing - ASP.NET version 2. What new features do you think we'll
see then? What new features do you think ASP.NET needs? And how long do
you think we'll have to wait for it? Peek into your crystal ball and let me
know. Send me e-mail at [email protected].

Elden Nelson is editor-in-chief of asp.netPRO and its
companion newsletter, asp.netNOW.

Tell us what you think! Please send any comments about
this article to [email protected].
Please include the article title and author.